656 matches found
Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
Cisco Unified Intelligence Center is the United States Cisco Cisco company's set of Web-based reporting platform. The platform provides reports related to business data and call center data presentation capabilities. A server-side request forgery vulnerability exists in Cisco Unified Intelligence...
UBUNTU-CVE-2025-53537
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set suricata.yaml...
CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
Malicious code in aog-checker (npm)
Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...
Brother Industries Multiple driver installers for Windows 安全漏洞
Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to access the /etc/mntinfo.csv path vi...
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
CVE-2025-6146
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...
The vulnerability of the Activity Guide Composer component in the PeopleSoft Enterprise CC Common Application Objects suite allows a malicious individual to gain unauthorized access to read, add, modify, or delete data.
The vulnerability of the Activity Guide Composer component, a toolset for managing and processing data in PeopleSoft Enterprise CC Common Application Objects, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized acces...
The vulnerability of the Attachments component in the iSupplier Portal application of the Oracle E-Business Suite allows a perpetrator to disclose protected information.
The vulnerability of the Attachments component in the iSupplier Portal application of the Oracle E-Business Suite is related to access control errors. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information using the HTTP protocol...
CVE-2023-21984
Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can...
Streamlining HTTP Flooding Attack Detection through Incremental Feature Selection
Applications over the Web primarily rely on the HTTP protocol to transmit web pages to and from systems. There are a variety of application layer protocols, but among all, HTTP is the most targeted because of its versatility and ease of integration with online services. The attackers leverage the...
DEBIAN-CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...
OESA-2025-1468 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
CVE-2025-41414
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...
USN-7469-4 h2o vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for H2O. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to...
h11 环境问题漏洞
h11 is a small HTTP/1.1 library written from scratch in Python by the individual developer Nathaniel J. Smith. An environment issue vulnerability exists in versions of h11 prior to 0.16.0, which stems from improper parsing of line terminators and could lead to a request entrapment attack...
FreeBSD : mozilla -- memory corruption (b31a4e74-109d-11f0-8195-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b31a4e74-109d-11f0-8195-b42e991fc52e advisory. [email protected] reports: CVE-2025-1938: Memory safety bugs present in Firefox 135,...
CLSA-2025-1743164157 Fix CVE(s): CVE-2023-44487
SECURITY UPDATE: Denial of service - debian/patches/CVE-2023-44487.patch: Improvements to HTTP/2 overhead protection - CVE-2023-44487...